makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity
Files
d9ec330aca5ae5a4cf5e78b6cae49264ce5927ed
GearBox/.planning/milestones/v2.2-phases/28-profile-and-logto-integration/28-VERIFICATION.md
Jean-Luc Makiola 2853477a75
All checks were successful
CI / ci (push) Successful in 1m15s
Details
CI / e2e (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
chore: archive v2.2 User Experience Polish milestone 
Phases 28-31 archived to milestones/v2.2-phases/
Requirements and roadmap snapshots archived to milestones/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 16:00:35 +02:00

84 lines
4.5 KiB
Markdown
Raw Blame History

---
phase: 28
status: human_needed
verified: 2026-04-12
score: 8/11
---
# Phase 28: Profile & Logto Integration - Verification
## Phase Goal
Users have a working profile page with account management powered by Logto, branded login screens, and email verification.
## Must-Haves Verification
### Plan 01: Logto Management API Client & Account Routes
| # | Must-Have | Status | Evidence |
|---|-----------|--------|----------|
| 1 | Logto Management API client acquires and caches M2M access tokens | ✓ PASS | `src/server/services/logto.service.ts` contains `getAccessToken()` with TTL caching; 12 unit tests pass |
| 2 | Password change endpoint verifies current password before setting new one | ✓ PASS | `src/server/routes/account.ts` calls `verifyPassword()` before `updatePassword()` |
| 3 | Email change endpoint updates primary email on Logto user record | ✓ PASS | `POST /api/account/email` calls `logtoClient.updateEmail()` |
| 4 | Account deletion endpoint removes user from both GearBox DB and Logto | ✓ PASS | Transaction deletes DB data, then calls `logtoClient.deleteUser()` |
| 5 | All account management endpoints require authentication | ✓ PASS | `app.use("*", requireAuth)` in account.ts |
### Plan 02: Profile Page & Settings Separation
| # | Must-Have | Status | Evidence |
|---|-----------|--------|----------|
| 6 | /profile route renders profile info, account info, security, and danger zone sections | ✓ PASS | `src/client/routes/profile.tsx` has all four sections |
| 7 | /settings no longer contains ProfileSection | ✓ PASS | `grep -c "ProfileSection" src/client/routes/settings.tsx` returns 0 |
| 8 | Profile page shows email from auth session and member-since date | ✓ PASS | AccountInfoSection renders email and formatted createdAt |
### Plan 03: Navigation, /me Extension, Logto Configuration
| # | Must-Have | Status | Evidence |
|---|-----------|--------|----------|
| 9 | Navigation includes link to /profile page | ✓ PASS | UserMenu.tsx contains `<Link to="/profile">` |
| 10 | /me endpoint returns createdAt field | ✓ PASS | auth.ts queries full user record, returns `createdAt: fullUser?.createdAt?.toISOString()` |
| 11 | Logto sign-in page shows GearBox branding | PENDING | Requires manual Logto Console configuration |
## Automated Checks
```
bun test tests/services/logto.service.test.ts → 12/12 pass
bun run lint → 0 errors
grep "accountRoutes" src/server/index.ts → found
grep "requireAuth" src/server/routes/account.ts → found
grep "ProfileSection" src/client/routes/settings.tsx → not found (correct)
```
## Human Verification Required
The following items require manual verification after Logto Console configuration:
1. **D-07**: Visit /login — verify GearBox branding (logo, colors) appears on Logto sign-in page
2. **D-08**: Verify auth.gearbox.de resolves to Logto (if custom domain configured)
3. **D-09**: Verify Google and GitHub social sign-in buttons appear on login page
4. **D-10**: Create new account — verify email verification is required
5. **D-11**: Try weak password at signup — verify policy enforcement (8+ chars, mixed case, number)
6. **Profile page**: Navigate to /profile — verify all four sections render with correct data
7. **Password change**: Change password using the Security section — verify success/error flows
8. **Email change**: Change email using the Account section — verify update reflects
9. **Settings page**: Visit /settings — verify ProfileSection is gone, only app preferences remain
## Decision Coverage
| Decision | Implemented | Notes |
|----------|------------|-------|
| D-01 | ✓ | Profile at /profile, settings keeps only app preferences |
| D-02 | ✓ | Profile shows displayName, bio, avatar, email, member-since |
| D-03 | ✓ | No gear stats on profile page |
| D-04 | ✓ | All account management proxied through GearBox backend |
| D-05 | ✓ | Three actions: change password, change email, delete account |
| D-06 | ✓ | Deletion anonymizes public setups to "Deleted User" sentinel |
| D-07 | PENDING | Requires Logto Console CSS/branding configuration |
| D-08 | PENDING | Requires DNS/reverse proxy configuration |
| D-09 | PENDING | Requires Logto Console social connector setup |
| D-10 | PENDING | Requires Logto Console sign-up configuration |
| D-11 | PENDING | Requires Logto Console password policy configuration |
## Summary
Code implementation is complete (8/11 must-haves verified). Remaining 3 items are Logto Console configuration tasks that require manual human action. No code gaps found.
Reference in New Issue View Git Blame Copy Permalink